As always with OpenDS the install is very straightforward and painless. Once up and running the GUI makes a nice change from the slow, cluttered mess of the old Directory Server. I’d now rate OpenDS as a solid, mature offering, and I’ll be looking at replacing some of my aging DS 5.2 installs with it.

OpenDS qualifies for support from Sun, in its Sun OpenDS Standard Edition guise, so there’s no reason not to look at production deployments. For the more esoteric installs, you’ll still want Sun Directory Server (v.7 is being worked on at the moment) but for a smaller or more straightforward install, OpenDS will fit the bill nicely.

In this post I’m going to quickly show how to use the tools ldapaddent and ldapmodify to change an existing LDAP entry. Specifically this relates to Sun’s stupidly named Java Enterprise Directory Server 5.2, which I’ve been doing a lot of work with recently. However the ldapmodify command that comes with Solaris basically does the same job regardless of which LDAP server you’re talking to.

If an entry already exists in the LDAP directory, then ldapaddent will fail when trying to add the data. So we need to use another method.

We can see they have the JET profile – let’s add the System Administrator profile too.

We can redirect the output from ldaplist direct to a text file for direct use as a backup, as this is already in LDIF format:
bash-3.00$ ldaplist -l passwd tomk > /var/tmp/tomk.ldif

If we really got things wrong we could just delete the entry from the directory, and then use ldapaddent to add our backed-up entry and get back to where we started.

Now we need to create a change file, which will contain the data we want to modify. Again, this file will be a text file with the LDIF syntax, and it will have some specific keywords that define the type of change and the data that should be modified.

In this instance, we want to add another profile, so we create a file called tomk.ldif with the following contents:
dn: uid=tomk,ou=people,dc=siliconbunny,dc=org
changetype: modify
replace: SolarisAttrKeyValue
SolarisAttrKeyValue: type=normal;profiles=JET,System Administrator

The format of the file is straightforward. The first line contains the DN, the full context of the object to be modified. The second line shows the action to be taken on the object. The third line names the specific operation and the attribute it applies to, and the fourth line has the new data.

Note that, within this file, we could modify several entries at once – we would just need multiple ‘replace’ and attribute lines to detail the data.

Once we have this file we can call ldapmodify to load this data into the LDAP directory, modifying the user’s details:
bash-3.00$ ldapmodify -D "cn=Directory Manager" -r -f /tmp/tomk.ldif

ldapmodify will prompt us for the Directory Manager’s password, and then carry out the changes.
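
Because the change file is applied with Directory Manager rights, it is worth linting before it is loaded. The check below is an added example, not part of the original post: check_ldif_mods is a hypothetical helper that verifies each record has a dn, changetype: modify, and operations whose value lines name the same attribute, with further operations on the same entry separated by a line containing only "-".

```shell
#!/bin/sh
# Added example (not from the original post): lint an LDIF change file
# before it is applied as Directory Manager.
# check_ldif_mods FILE: exit 0 if every record is a well-formed
# "changetype: modify" record, else print the problems and exit 1.
check_ldif_mods() {
    awk '
    function fail(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; bad = 1 }
    function close_op() {
        if (state == "vals" && nvals == 0 && op != "delete")
            fail(op " of " attr " has no value lines")
    }
    /^#/  { next }                              # comment
    /^ ./ { next }                              # folded continuation line
    /^[ \t]*$/ {                                # blank line ends a record
        if (state == "dn") fail("dn without changetype")
        close_op(); state = ""; next
    }
    state == "" {
        if ($0 !~ /^dn: ./) fail("record must start with dn:")
        state = "dn"; next
    }
    state == "dn" {
        if ($0 != "changetype: modify") fail("expected changetype: modify")
        state = "op"; next
    }
    state == "op" {
        if ($0 !~ /^(add|replace|delete): [A-Za-z][A-Za-z0-9;-]*$/) {
            fail("expected add:, replace: or delete: plus an attribute"); next
        }
        op = $1; sub(/:$/, "", op); attr = tolower($2); nvals = 0
        state = "vals"; next
    }
    state == "vals" {
        if ($0 == "-") { close_op(); state = "op"; next }   # next operation
        name = tolower($0); sub(/:.*/, "", name)
        if (name != attr) fail("value names " name " but operation names " attr)
        nvals++; next
    }
    END { if (state == "dn") fail("dn without changetype"); close_op(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the change record from the post, read from stdin.
check_ldif_mods - <<'EOF' && echo "change file looks sane"
dn: uid=tomk,ou=people,dc=siliconbunny,dc=org
changetype: modify
replace: SolarisAttrKeyValue
SolarisAttrKeyValue: type=normal;profiles=JET,System Administrator
EOF
```

A file that fails this check, such as the ldaplist backup passed by mistake in place of the change file, should not be handed to ldapmodify.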

ldapmodify will also allow us to edit multiple entries at once. For example, let’s look at not only adding the System Administrator RBAC role, but also adding a title for use with an internal phone book app.